Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-4vcx-3pj3-44m7: Dosage vulnerable to a Directory Traversal through crafted HTTP responses

Impact

When downloadinging comic images, Dosage constructs target file names from different aspects of the remote comic (page URL, image URL, page content, etc.). While the basename is properly stripped of directory-traversing characters, the file extension is taken from the HTTP Content-Type header. This allows a remote attacker (or a Man-in-the-Middle, if the comic is served over HTTP) to write arbitrary files outside the target directory (if additional conditions are met).

Patches

Fixed in release 3.2. The fix is small and self-contained, so distributors might elect to backport the fix to older versions.

Workarounds

No

ghsa
Open in Source
#web#git#perl

Impact

When downloadinging comic images, Dosage constructs target file names from different aspects of the remote comic (page URL, image URL, page content, etc.). While the basename is properly stripped of directory-traversing characters, the file extension is taken from the HTTP Content-Type header. This allows a remote attacker (or a Man-in-the-Middle, if the comic is served over HTTP) to write arbitrary files outside the target directory (if additional conditions are met).

Patches

Fixed in release 3.2. The fix is small and self-contained, so distributors might elect to backport the fix to older versions.

Workarounds

No

References

  • GHSA-4vcx-3pj3-44m7
  • webcomics/dosage@336a968

ghsa: Latest News

GHSA-5pmx-7r6r-wfqq: Kgateway transformation policy template can emit files from the container
ghsa